Cyber Round-up for 30th October
Welcome to the latest edition of the Ironshare Cyber Round-up where we look back at the events of the last week and cover some of the news, posts, views, and highlights from the world of Security.
In this week’s round-up:
Nitro, a PDF service used by approximately 1.8 million users to create and sign digital documents, has suffered a major data breach. Nitro issued an advisory on the 21st October stating they had experienced a low impact security incident and that no customer data was at risk. That was not the whole story: a database of 70 million records containing emails, names, hashed passwords and IP addresses is amongst the data for sale via private auction. If you have a Nitro account, it’s advisable to get that password changed ASAP.
The guys at PWNDEFEND have published a new blog highlighting the 10 things you wish you had done before being hit by a ransomware attack. The last thing any of us want when we log in for the first time, on a new day at work, is to be presented with a dreaded ransom note. For those of you that want to try and prevent this very scenario, head over to the blog to see what these 10 things can do to help you and your business.
Patients of Vastaamo, a large clinic based in Finland, have been subjected to a blackmail campaign, after their data was stolen in a breach. Personally identifiable information and recorded notes about therapy sessions were stolen during two incidents in November 2018 and March 2019. Patients are being contacted by ‘the ransom guy’ and ordered to pay increasing fees, and if they fail to pay, their details and sessions will be published online. Approximately 300 records have so far been published on the dark web.
DNS-based attacks are on the rise, with over 83% of service providers experiencing some form of attack. Common attack types used by hackers were phishing attacks (37%), DNS-based malware (33%), DDoS attacks (27%) and lock-up domain attacks (22%), which may cause DNS services to exhaust their resources. Successful DNS attacks can have far-reaching consequences, with both the provider and its customers experiencing disruptions and outages. An effective DNS security architecture is key to fending off these attacks and avoiding unwanted impact.
An alert has been issued by the FBI and Human Health Services in the US, warning of the continued threat of ransomware attacks on the health sector. Even during the pandemic, bad guys continue to use malware such as RYUK and TrickBot to target healthcare, resulting in ransomware, data theft and disruption to health services. Recommendations include a strict patching regime, network segmentation and regular offline backups, to help with both prevention and recovery activities.
The CISA alert can be found here.
Vulnerabilities & Updates
Researchers are warning that a critical remote code execution vulnerability in Oracle WebLogic (CVE-2020-14882) is being actively exploited by malicious actors. The vuln in question affects the WebLogic console and was fixed in the October release of Oracle’s quarterly critical patch update. The attack is easy to execute: it requires no privileges and no user interaction, and can be carried out with network access via HTTP. Oracle WebLogic users are urged to review and update their systems as soon as they can.
And that is it for this week’s round-up, please don’t forget to tune in for new instalments every week.
Stay Safe, Secure and Healthy!
Edition #115 – 30th October 2020
Ironshare – Security Simplified